Advisories » MGASA-2024-0098

Updated tcpreplay packages fix security vulnerabilities

Publication date: 28 Mar 2024
Modification date: 28 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-4256 , CVE-2023-43279

Description

Within tcpreplay's tcprewrite, a double free vulnerability has been
identified in the tcpedit_dlt_cleanup() function within
plugins/dlt_plugins.c. This vulnerability can be exploited by supplying
a specifically crafted file to the tcprewrite binary. This flaw enables
a local attacker to initiate a Denial of Service (DoS) attack.
(CVE-2023-4256)
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay
4.4.4 allows attackers to crash the application via crafted tcprewrite
command. (CVE-2023-43279)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33013
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4256
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43279

SRPMS

9/core

• tcpreplay-4.4.3-2.1.mga9